2- Obtain Zone File

Importing a zone using the API is for advanced users and is suggested for big DNS configurations. There are some tools out there to facilitate this task (Official documentation).

Importing a zone manually using Route 53 Console is easy but only for small DNS configurations.

Importing a zone using "Import Zone File" option on the Route 53 console is easy but relies on our ability to obtain the list of your current DNS server configuration.

A DNS Zone File is a plain text list of your current DNS configuration with all records and their values.
Import Zone File is the method we are going to use in this example. It ensures that no typos are introduced in the migration process and is an easy, repeatable method.

Below is my DNS server configuration, obtained from my current ISP using a Plesk Control Panel. There are all sorts of Control Panels and Service Providers. I suggest you send a support request to your current ISP to get that information.

3- Import Zone File

You will get a success message after a couple of seconds. Otherwise, the console will tell you what the error was and on which line number it occurred.

3- Test

The new Hosted Zone and its DNS entries are ready to use.

This concept can be difficult to wrap our heads around: Route 53 is replicating all those changes in real time across our DNS servers and this configuration is ready to be used by anyone.

But, we haven't changed our Internet Domain configuration and therefore no one is connecting to our new DNS servers. That gives us a chance to properly test the transfer result before going Live.

Where are my new DNS servers?

Open your Hosted Zone using the Route 53 console. Your new DNS servers are listed under the Type: NS.

Use the dig command to query your "old" and your "new" DNS servers and compare the results.

First, let's send the request to the Internet to get our current Live configuration:

$ dig mail.domenech.org

; <<>> DiG 9.8.3-P1 <<>> mail.domenech.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46712
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.domenech.org.            IN    A

;; ANSWER SECTION:
mail.domenech.org.     59      IN    A     46.17.142.13

In this example the DNS query was "mail.domenech.org" and the answer is IP 46.17.142.13.

Next we perform the same query, but this time we instruct dig to ask only one of our new DNS servers (previously obtained from the Console):

$ dig mail.domenech.org @ns-1322.awsdns-37.org

; <<>> DiG 9.8.3-P1 <<>> mail.domenech.org @ns-1322.awsdns-37.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64064
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;mail.domenech.org.            IN    A

;; ANSWER SECTION:
mail.domenech.org.     3600    IN    A     46.17.142.13

;; AUTHORITY SECTION:
domenech.org.          172800  IN    NS    ns-1322.awsdns-37.org.
domenech.org.          172800  IN    NS    ns-1615.awsdns-09.co.uk.
domenech.org.          172800  IN    NS    ns-238.awsdns-29.com.
domenech.org.          172800  IN    NS    ns-912.awsdns-50.net.

The answer is a bit different but the key value, the IP address, is the same. That indicates that this DNS entry has been successfully transferred.

Also notice that the TTL is 59 seconds in the first query and 3600 seconds (1h) in the second query. That is because we have specified $TTL 1h in our Zone File and all the imported entries in Route 53 have this default value. You could change it on each entry manually using the Console or repeat the import process again with a different default TTL value.
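The same old-versus-new comparison, extended from one record to a whole list of records, as an added example that is not part of the original post. The function names and the records.txt file are assumptions; TTLs are ignored on purpose because, as noted above, they are expected to differ.

```shell
#!/bin/sh
# Added example: compare the live answer with the new server's answer for many records.
# records.txt (hypothetical name) holds one "name type" pair per line, e.g.
#   mail.domenech.org A
#   domenech.org MX
# For names that are CNAMEs, list the CNAME type itself: only the recursive
# resolver follows a CNAME that points outside the zone.

# answers NAME TYPE [@SERVER ...] -> rdata only (no TTL), lower-cased and sorted
answers() {
    dig +short "$@" | tr '[:upper:]' '[:lower:]' | sort
}

# compare_record NAME TYPE NEW_NS -> prints a verdict; returns 0 only on a match
compare_record() {
    local name="$1" type="$2" new_ns="$3" live new
    live=$(answers "$name" "$type")
    new=$(answers "$name" "$type" "@$new_ns" +norecurse)
    if [ -z "$new" ]; then
        echo "MISSING $name $type (live: $(echo ${live:-none}))"
        return 2
    elif [ "$live" != "$new" ]; then
        echo "DIFF    $name $type live=[$(echo $live)] new=[$(echo $new)]"
        return 1
    fi
    echo "OK      $name $type"
}

# compare_zone NEW_NS < records.txt -> returns non-zero if any record is not OK
compare_zone() {
    local new_ns="$1" failed=0 name type
    while read -r name type; do
        case $name in ''|'#'*) continue ;; esac
        compare_record "$name" "$type" "$new_ns" || failed=$((failed + 1))
    done
    echo "$failed record(s) need attention"
    [ "$failed" -eq 0 ]
}

# Run as: sh compare.sh ns-1322.awsdns-37.org records.txt
if [ "$#" -eq 2 ]; then
    compare_zone "$1" < "$2"
fi
```

A MISSING line is the case to fix before going Live: the record exists on the old servers but was not imported into the Hosted Zone.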

4- Rollback plan before changing Live configuration

In the next step we will change our Internet Domain DNS configuration and tell the Internet to use our new DNS servers. Before doing that it is suggested to lower our NS entry TTL to 1 hour.

- Access your Hosted Zone, select the NS entry for your domain, click on the 1h button (the value will be translated to 3600 seconds) and then click on the "Save Record Set" button.

This instructs other DNS servers connecting to ours to come back an hour later in order to find out if the Route 53 DNS servers are still valid. This gives us the option to undo this configuration in case something goes wrong. In the worst case scenario, the issue will last an hour (the TTL value).

5- Change Internet Domain configuration and bring Route 53 Live

This is the step where all the previous configuration is set in motion.

- Access Route 53 Registered Domains, select the Internet Domain we plan to modify and click on "Add/Edit Name Servers".

- Write down the current DNS servers list in order to rollback this change if necessary.

A couple of minutes later (depending on the TTL set up on your former DNS servers) the change can be tested using dig.

$ dig domenech.org NS

; <<>> DiG 9.8.3-P1 <<>> domenech.org NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29759
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;domenech.org.                 IN    NS

;; ANSWER SECTION:
domenech.org.          3600    IN    NS    ns-1615.awsdns-09.co.uk.
domenech.org.          3600    IN    NS    ns-912.awsdns-50.net.
domenech.org.          3600    IN    NS    ns-1322.awsdns-37.org.
domenech.org.          3600    IN    NS    ns-238.awsdns-29.com.

The new Route 53 servers are there and being used by anyone connecting to our Internet Domain.

6- Post configuration tasks

Once we are happy and everything has been tested, we can bring up the TTL values. A higher TTL will improve our users' experience and reduce Route 53 cost.

- Access the NS entry and click twice on the "1d button" to select 172800 seconds (2 days).

7- Rollback

In case something goes wrong we can set our former DNS servers in the Internet Domain configuration. Repeat step #5 but this time select your old DNS server list. This will bring your DNS configuration back to the initial point once the TTL expires (1 hour in this example).

Monday, December 29, 2014

These are the steps to transfer an Internet domain (domenech.org in this example) to AWS Route 53.

This is not a DNS configuration migration. This is only to make AWS our Domain registrar.

1- Check your current domain registration information

Make sure that your contact details are up to date and that you have all you need to administer your domain configuration (valid email addresses, the domain is not about to expire, the domain is not locked, etc.)

2- Request the Authorisation Code from your current Registrar

The goal of the whole process is to transfer the registrar authority from one registrar (your current) to a new one (AWS). The method to authenticate that this is an authorised request is the Authorisation Code.

3- Initiate the Transfer Domain Wizard

- Type your Internet Domain name and select its TLD (domenech.org in this case).

4- Authorisation Code and your current DNS server

Enter here the Authorisation Code you have received from your current Registrar.

Enter here your current DNS server names. There is room for 4 servers, but 2 servers is the minimum required.

Remember: These are your current DNS servers. No change here. We are migrating only the Internet Domain registrar of your domain.

5- Fill in your contact details

6- Review & Purchase

7- noreply@domainnameverification.net email

The process has been initiated and should now be in pending status.

You can track it on the Route 53 Console Dashboard:

After a couple of days you will receive an email from noreply@domainnameverification.net asking you to approve the transfer. Follow those instructions.

8- Done. Your Internet Domain is now under Amazon Web Services control

9- Test

A good way to test that the Internet got it right is to perform a "Who Is" from a public service like http://www.whois.net and query your domain.

Below is the current output of that query for domenech.org. Notice that my personal details are obfuscated by a third party registrar. AWS has delegated the domain registration to http://www.gandi.net/whois and this service includes information obfuscation without any additional cost.

You should know that RedHat, CentOS or Amazon Linux AMI are not the best choice when it comes to running a Bitcoin wallet or other Bitcoin related activities. If you are looking for the easy path you should use Ubuntu Linux or Microsoft Windows as your platform. The community is much bigger there.

But if you are determined, like me, to have your Bitcoin Wallet in the Cloud, here are some instructions. They apply to RedHat and its branches like AWS Linux AMI and CentOS.

Launch an EC2 Instance using Amazon Linux AMI HVM. In this example it is ami-b521dfc2 (Ireland). I suggest using the HVM version to maintain compatibility among different EC2 Instance Types.

All commands are executed as ec2-user.

Update & Reboot

sudo yum update
sudo reboot

PU_IAS6 Repository & Berkeley DB4.8

We will need Berkeley DB 4.8 but our OS comes with 4.7. Let's use the PUIAS repository to get the RPMs we need.
Create the repository config file /etc/yum.repos.d/puias-computational.repo and paste into it the repository definition.

$ bitcoind
Error: To use the "-server" option, you must set a rpcpassword in the configuration file:
/home/ec2-user/.bitcoin/bitcoin.conf
It is recommended you use the following random password:
rpcuser=bitcoinrpc
rpcpassword=abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
(you do not need to remember this password)
The username and password MUST NOT be the same.
If the file does not exist, create it with owner-readable-only file permissions.
It is also recommended to set alertnotify so you are notified of problems;
for example: alertnotify=echo %s | mail -s "Bitcoin Alert" admin@foo.com

$

Bitcoind is telling us that we need a minimal configuration file to start with. With the first execution the .bitcoin folder is automatically created under our user directory.
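One way to create that minimal configuration file while following the advice printed by bitcoind above (random password, user and password different, owner-readable-only permissions). This is an added example, not from the original post; the function names are hypothetical and rpcuser=bitcoinrpc is taken from the bitcoind message.

```shell
#!/bin/sh
# Added example: create the minimal bitcoin.conf that bitcoind asks for, with a
# random rpcpassword and owner-only permissions from the moment the file exists.

# make_bitcoin_conf DIR -> writes DIR/bitcoin.conf; refuses to overwrite an existing file
make_bitcoin_conf() {
    local dir="$1" conf pass old_umask
    conf="$dir/bitcoin.conf"
    if [ -e "$conf" ]; then
        echo "refusing to overwrite $conf" >&2
        return 1
    fi
    # 32 random bytes from the kernel CSPRNG, hex-encoded (64 characters)
    pass=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    old_umask=$(umask)
    umask 077    # new files get mode 600, new directories 700
    mkdir -p "$dir"
    printf 'rpcuser=bitcoinrpc\nrpcpassword=%s\n' "$pass" > "$conf"
    umask "$old_umask"
}

# check_bitcoin_conf FILE -> 0 if only the owner can read it and user != password
check_bitcoin_conf() {
    local conf="$1" mode user pass
    mode=$(ls -ld "$conf" | cut -c1-10)
    user=$(sed -n 's/^rpcuser=//p' "$conf")
    pass=$(sed -n 's/^rpcpassword=//p' "$conf")
    case "$mode" in
        -r[w-]-------) ;;
        *) echo "$conf: mode $mode lets other users read the RPC password" >&2
           return 1 ;;
    esac
    if [ -z "$pass" ] || [ "$user" = "$pass" ]; then
        echo "$conf: rpcpassword is empty or equal to rpcuser" >&2
        return 1
    fi
}

# On the instance:
#   make_bitcoin_conf "$HOME/.bitcoin" && check_bitcoin_conf "$HOME/.bitcoin/bitcoin.conf"
```

Setting the umask before the file is written means the password is never on disk with wider permissions, which a chmod after the fact cannot guarantee.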

This is our wallet loading and verifying the whole Bitcoin blockchain. When the process is complete your wallet will become a node of the Bitcoin network and will help validate Bitcoin transactions. It could take more than 24 hours for the process to complete. You can learn more about this here.
There is a way to speed up this process by downloading a Torrent file. More details at the end of this post.

You can issue commands to interact with the daemon. For instance:

bitcoind getblockcount

to get the number of blocks imported so far. Type bitcoind help for the whole list.

What are they looking for?
- Software Development Engineers
- Business Development Managers
- Technical Program Managers
- Software Development Managers/Directors
- Product Managers

What do I need?
- Bachelor's Degree in Computer Science or related field
- 6+ years professional experience in software development
- Computer Science fundamentals in object-oriented design, data structures, and complexity analysis
- Proficiency in at least one object-oriented programming language such as Java or C++